test: Workaround the new OpenSSH failure rate limiting

The new OpenSSH rate limits the failed authentication attempts per source address and drops connection when the amount is reached, which is happening in our testsuite. By whitelisting the IP address of the client on the socket wrapper, this allows the tests to pass. https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 7b89ff760a)
2026-02-04 12:20:42 +09:00 · 2024-08-09 11:30:15 +02:00
parent 825de355d4
commit afa77c11ca
1 changed files with 6 additions and 0 deletions
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -755,6 +755,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
             "HostKeyAlgorithms " OPENSSH_KEYS "\n"
 #if OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2
             "CASignatureAlgorithms " OPENSSH_KEYS "\n"
+#endif
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+             "PerSourcePenaltyExemptList 127.0.0.21\n"
 #endif
             "Ciphers " OPENSSH_CIPHERS "\n"
             "KexAlgorithms " OPENSSH_KEX "\n"
@@ -786,6 +789,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
             "%s\n" /* Here comes UsePam */
             "%s" /* The space for test-specific options */
             "\n"
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+             "PerSourcePenaltyExemptList 127.0.0.21\n"
+#endif
             "Ciphers "
                "aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,"
                "aes128-gcm@openssh.com,aes128-ctr,aes128-cbc"